By: Thomas Dworetzky and Gus Iversen
Newsflash for hospital administrators: A cyberattack, like the one that just hit Hollywood Presbyterian Medical Center, might just put the "paper" back into your health care paperwork — and it may set you back at least a few grand to resolve.
Staff at the Los Angeles facility first spotted "significant IT issues and declared an internal emergency" last Friday. The ransomware attack shut down computers on February 5 and forced staff to resort to overworked fax lines and old-fashioned paper "charts" according to reports.
It was widely stated that the blackmailers demanded 9,000 bitcoins, or about $3.7 million dollars, for the keys to unlock the system, but a new statement from the hospital
asserts that the ransom was considerably lower — and has been paid.
Special-Pricing Available on Medical Displays, Patient Monitors, Recorders, Printers, Media, Ultrasound Machines, and Cameras.This includes Top Brands such as SONY, BARCO, NDS, NEC, LG, EDAN, EIZO, ELO, FSN, PANASONIC, MITSUBISHI, OLYMPUS, & WIDE.
"The reports of the hospital paying 9000 Bitcoins or $3.4 million are false. The amount of ransom requested was 40 Bitcoins, equivalent to approximately $17,000," Hollywood Presbyterian wrote in a statement on Wednesday. "The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this."
For now, the $17,000 appears to have resolved the problem, but the implications for other susceptible health care facilities remain significant.
“Things are kind of slow,” vocational nurse Tina Bordas, a representative of the facilities nurses, told The Guardian during the technology blackout
. But she added that some "old-school" staffers actually prefer paper.
“It takes less time to write something on paper than put it in the computer,” said the 27-year-veteran nurse. “A computer screen isn’t that friendly and as a nurse, there are certain things that you want to document that might not fit into a computer form.”
CEO Stefanek didn't think the hospital had been specifically targeted, telling NBC that "it was clearly not a malicious attack,” and added that he thought "it was a random attack.”
Experts suggest, however, that health care institutions are particularly juicy targets for ransom-driven hackers. "The expanding number of access points to Protected Health Information (PHI) and other sensitive data via electronic medical records and the growing popularity of wearable technology makes the health care industry a vulnerable and attractive target for cybercriminals.